Web2 combined with Ethereum login cannot achieve perfect decentralization, but the dawn has already appeared.
Original Title: “Why Ethereum Will Revive Digital Identity”
Written by: Ping Chen
Translation: ETH Chinese Station
Digital identity, or self-sovereign identity, is a technology that uses asymmetric cryptography to authenticate online transactions and to ensure their integrity and non-repudiation. It is a prerequisite for several Internet activities, such as certificate issuance, private information transfer, and of course financial business.
Image courtesy of Chris Yang of Unsplash
The rise of online identity
Password or key
The idea of “key as identity” has existed since the last century. However, digital identities were not widely accepted by ordinary users at the time. The main reason is undoubtedly that such a system is too complicated to use. How can non-technical people keep a private key in their own hands conveniently and safely? They cannot.
As a result, when web 2.0 appeared, Internet companies needed to authenticate their users, and they decided to adopt an account password model instead of a public-private key pair model. When registering a new account, users create a password that they can remember, and the network company saves the password. After that, they log in using a “brain to database” authentication method.
Security and Centralization Crisis
This simple model works, but it also brings a series of security issues. Because remembering multiple sets of passwords is tiring, users tend to reuse their passwords everywhere. If one of the service providers stores the user’s password in an insecure way (for example, no “salt”, use of an insecure hash function, etc.) and is compromised, then all other services will be in danger.
(Translator’s note: in cryptography, inserting a specific string at a fixed position in the password, so that the hashed result does not match the hashed result of the original password, is called “salting”. This kind of treatment can add extra security.)
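The storage weakness described above, as an added example that is not part of the original article: an unsalted fast hash next to a per-user salted scrypt record, using Node's built-in `crypto` module. The function names and the sample password are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Weak storage: unsalted, fast hash. Equal passwords always give equal records,
// so one leaked table exposes every account and service sharing that password.
function weakRecord(password) {
  return nodeCrypto.createHash('sha256').update(password, 'utf8').digest('hex');
}

// Hardened storage: random per-user salt plus a memory-hard KDF (scrypt).
function strongRecord(password) {
  const salt = nodeCrypto.randomBytes(16);
  const key = nodeCrypto.scryptSync(password, salt, 32);
  return { salt: salt.toString('hex'), key: key.toString('hex') };
}

// Recompute with the stored salt and compare in constant time.
function verifyStrong(password, record) {
  const salt = Buffer.from(record.salt, 'hex');
  const expected = Buffer.from(record.key, 'hex');
  const actual = nodeCrypto.scryptSync(password, salt, expected.length);
  return nodeCrypto.timingSafeEqual(actual, expected);
}

// Constructed sample: one user reusing the same password at two services.
function demo() {
  const reused = 'correct horse battery staple';
  const a = strongRecord(reused);
  const b = strongRecord(reused);
  return {
    weakRecordsMatch: weakRecord(reused) === weakRecord(reused),
    strongRecordsMatch: a.key === b.key,
    loginOk: verifyStrong(reused, a),
    wrongPasswordOk: verifyStrong('guess', a),
  };
}
```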
OAuth
OAuth was invented to solve this problem. It allows small companies to rely on existing service providers. They do not need to run their own authentication server; they only need to delegate this part of the work to a third-party company with which the user already has an account. Even so, giant companies like Facebook have been found to store passwords in plain text and to have had them leaked. There is also the centralization risk: many companies that adopt OAuth are affected by the provider's changing policies. Once a company is banned by an OAuth provider, the entire business will collapse.
The return of digital identity
Nowadays, people in this industry are beginning to discuss alternatives to the account-password model again. Passwordless solutions such as biometrics, SMS, and OTP are feasible, but in terms of identity, key pairs still seem to be the ultimate goal. We believe that blockchain, or Ethereum, will revive digital identity. The reasons are as follows:
Blockchain's user-friendly cryptocurrency infrastructure
As mentioned earlier, usability is the primary issue with key-pair-based identity. It is unrealistic to require laymen to use a command-line tool to sign transactions. It is also very scary for them to be completely responsible for safeguarding their keys when using a decentralized system.
Commercial-grade wallet for storing private keys
People in the cryptocurrency field are already very familiar with all these concepts. As the tools mature, signing with a private key has never been easier.
Thanks to Dapps and Ethereum, more and more people are having their first experience of owning a private key and using it to sign transactions. People have built a large number of browser extensions, mobile applications, and hardware devices to meet the growing demand. These easy-to-use tools are conducive to the popularization of digital identity, even though they were not built for it.
The state of the blockchain
Unlike password verification, public-key cryptography itself is stateless, which means that the validity of a cryptographic signature is independent of the environment. However, in some advanced scenarios, digital identity still needs “state”. Many GPG users interact with a (to some extent) centralized key server to register, replace, or revoke their public keys. In general, we still need state to enrich the usability and expressiveness of digital identities.
Translator’s note: GPG is the abbreviation of GNU Privacy Guard. It is a free software alternative to the PGP encryption software suite available from the American software company Symantec.
On-chain record of identity
Blockchain can perfectly meet the need to provide state for your identity. Unlike using MIT servers to store key records, the distributed ledger of Ethereum has approximately 5000 copies around the world. All records are auditable and tamper-proof, and have economic finality. Projects like ENS are providing an on-chain registry for your identity. You can link overseas accounts and add metadata to your identity, all without permission.
Account controlled by private key vs. account controlled by code
In addition, by using smart contracts to implement access control, your identity on Ethereum is programmable. You can add features such as multi-signature, social recovery, and even dead man’s switch to your root identity while maintaining the ease of daily use.
Digital identity + OAuth
Although we already have many users with private keys, we still don’t have a universal solution on the service-provider side that would get digital identities adopted by more people. Fortunately, OAuth has been adopted by many vendors. By combining OAuth with key-based authentication, web2 companies can integrate digital identities in the way they are used to.
Eauth is an OAuth-compatible authentication service based on Ethereum. Integrators can seamlessly offer digital identity as an OAuth option without any knowledge of cryptography or web3 wallets. Although using OAuth usually means giving control to a third party, the identity authenticated by Eauth will always remain unmanaged.
Users, wallets and web2 service providers communicate through Eauth
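A minimal sketch of the key-based login that sits behind such a service, added here as an illustration and not taken from Eauth's code: the server issues a one-time challenge, the wallet signs it, and the server checks the signature and consumes the nonce. It assumes Node's built-in `crypto` with ECDSA over secp256k1 and SHA-256 as a stand-in for an Ethereum wallet's Keccak-256 message signing; all function names and the `app.example` domain are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

const NONCE_TTL_MS = 5 * 60 * 1000; // assumed challenge lifetime
const pending = new Map();          // nonce -> expiry: the only server-side state

// Server: issue a one-time challenge bound to this site's domain.
function issueChallenge(domain, now = Date.now()) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  pending.set(nonce, now + NONCE_TTL_MS);
  return `${domain} wants you to sign in.\nNonce: ${nonce}`;
}

// Wallet: sign the challenge text; the private key never leaves the wallet.
function walletSign(privateKey, message) {
  return nodeCrypto.sign('sha256', Buffer.from(message, 'utf8'), privateKey);
}

// Server: accept only a fresh, unused nonce for this domain with a valid signature.
function verifyLogin(domain, message, signature, publicKey, now = Date.now()) {
  const m = /^(.+) wants you to sign in\.\nNonce: ([0-9a-f]{32})$/.exec(message);
  if (!m || m[1] !== domain) return false;   // rejects challenges for other sites
  const expiry = pending.get(m[2]);
  pending.delete(m[2]);                      // single use, even when the check fails
  if (expiry === undefined || now > expiry) return false; // replayed or expired
  return nodeCrypto.verify('sha256', Buffer.from(message, 'utf8'), publicKey, signature);
}

// Constructed key pair standing in for a user's wallet.
function newWallet() {
  return nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
}
```

The signature check itself needs no stored secret; the nonce table is what prevents a captured signature from being replayed.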
A roadmap to decentralization
There is no denying that web2 + Ethereum login is not perfectly decentralized. The decentralized world should be completely permissionless and trustless, but most current network activity is still carried out on web2 servers. It is very likely that the web2 and web3 worlds will run side by side for a period of time. During this period, Eauth can become a bridge connecting the two worlds.
Source link: medium.com